This listing of claims will replace all prior versions, and listings, of claims in 
the application: 



Listing of Claims: 

1. (Currently amended) A method for rollover of cryptographic keys during 
operation of a computer system, the method comprising: 

providing an old set of cryptographic keys comprising at least a first 
cryptographic key and a second cryptographic key, wherein the first cryptographic 
key protects an integrity of secret information stored in a database and the second 
cryptographic key protects access to the secret information stored in the database; 

checking with a key repository to determine if a certificate re-issuance is 
necessary, meanwhile maintaining the availability of the old set of cryptographic 
keys; 

performing a rollover operation; 

if the rollover operation results in new or revised keys, storing the new or 
revised keys in the database; and 

if the rollover operation results in the new or revised keys, providing the 
new or revised keys to applications that need them when next requested by such 
applications. 

2. (Currently amended) The method of claim 1, wherein checking with the key 
repository utilizes one or more services of a specialized application acting as an 
extension of the key repository. 

3. (Currently amended) The method of claim 2 wherein utilizing the one or more 
services of the specialized application comprises authenticating authorization of 
the specialized application to perform the one or more services. 
4. (Original) The method of claim 1 being invoked as a result of a command. 

5. (Original) The method of claim 1 being invoked as a result of a periodic 
check which senses that the old set of cryptographic keys are approaching 
expiration. 

6. (Original) The method of claim 1 being invoked as a result of sensing an 
expired key. 

7. (Original) The method as in claim 1 , wherein the applications are notified of 
the presence of new keys by the Key Repository process. 

8. (Original) The method as in claim 1, wherein the applications detect a 
missing key and check with the Key Repository for that key and, if the missing key 
has been reissued, the applications receive a newly-issued key. 

9. (Original) The method as in claim 1, wherein the Key Repository process is 
prompted by the applications to invoke the method as a result of the applications 
detecting a key approaching expiration. 

10. (Original) The method as in claim 1, wherein the applications request the 
Key Repository process to provide thereto a new or revised key as a result of the 
applications detecting an expired key. 

11. (New) A system, comprising: 

a key repository configured to maintain at least a first key and a second 

key; and 

a database coupled to the key repository and storing secret information, 
wherein the first key protects an integrity of the secret information 
stored in the database and the second key protects access to the 
secret information stored in the database. 
12. (New) The system of claim 11 further comprising at least one application 
that can access the key repository, wherein the at least one application is 
pre-authorized to access the second key and can perform at least one function using 
the secret information without user intervention. 

13. (New) The system of claim 11 wherein the database comprises entries 
defining at least one user of a first group of users and at least two users of a 
second group of users. 

14. (New) The system of claim 13 wherein the first key has a value that is 
based on a password associated with the first group of users. 

15. (New) The system of claim 13 wherein the second key has a value that 
comprises a plurality of value shares and wherein each value share is based on a 
password associated with the second group of users. 

16. (New) The system of claim 13 wherein a value associated with at least one 
of the first key and the second key is changed when at least one event occurs, the 
at least one event selected from a group of events consisting of: 

a user of the first group of users being added; 
a user of the first group of users being deleted; 
a user of the second group of users being added; 
a user of the second group of users being deleted; 
an algorithm used by the system being changed; and 
the database being rewritten. 

17. (New) The system of claim 13 wherein the key repository is configured to 
provide access to the second key in response to receiving a threshold number of 
valid passwords, each password associated with a different user from the second 
group of users. 






Appl. No. 09/736,717 

Amdt. dated December 28, 2004 

Reply to Office action of October 1, 2004 



18. (New) The system of claim 17 wherein the second key permits modification 
of at least one security parameter selected from the group consisting of: 

a threshold number of valid passwords required to access the second key; 
users assigned to the first group of users; 
users assigned to the second group of users; 
pre-authentication of an application to access at least one of the first key 
and the second key without user intervention; 
cryptographic algorithms used by the system; and 
pre-authentication of a program to act as an extension of the key 
repository. 

19. (New) The system of claim 1 1 wherein the first key is used to encrypt a 
public key of an encryption algorithm. 

20. (New) The system of claim 19 wherein the public key is used to encrypt a 
value associated with the first key and value shares associated with the second 
key. 

21. (New) A method for rollover of cryptographic keys during operation of a 
computer system, the method comprising: 

providing an old set of cryptographic keys comprising at least a first 
cryptographic key and a second cryptographic key, wherein the first cryptographic 
key protects an integrity of secret information stored in a database and the second 
cryptographic key protects access to the secret information stored in the database; 

checking with a key repository to determine if a certificate re-issuance is 
necessary, meanwhile maintaining the availability of the old set of cryptographic 
keys; 

performing a rollover operation; 

if the rollover operation results in new or revised keys, storing the new or 
revised keys in the database; and 
if the rollover operation results in the new or revised keys, providing the 
new or revised keys to applications that need them when next requested by such 
applications, 

wherein the applications detect a missing key and check with the Key 
Repository for that key and, if the missing key has been reissued, the applications 
receive a newly-issued key. 
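The rollover method of claims 1 to 10 and 21, as an added Python illustration that is not code from the application: a key repository that checks whether re-issuance is needed, rolls over while keeping the old set available, stores the new set in its database, and hands keys to applications only when they next ask; the applications detect a missing or expired key and check with the repository for it. The class names, the KeySet fields, the 60-second lead time, the one-hour lifetime, the fake clock and the sample record are assumptions; the keys are random HMAC keys so the example runs offline with the standard library, and the second (access) key is carried but not exercised here.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

ROLLOVER_LEAD_TIME = 60.0  # assumed: seconds before expiry at which a check triggers re-issuance

@dataclass(frozen=True)
class KeySet:
    version: int
    integrity_key: bytes  # "first key": MACs the secret record
    access_key: bytes     # "second key": gates access to the record (not exercised here)
    expires_at: float

class KeyRepository:
    """Issues key sets and keeps old ones available so data sealed under them stays readable."""
    def __init__(self, lifetime, clock=time.time):
        self.lifetime = lifetime
        self.clock = clock
        self.database = {}  # version -> KeySet; stands in for the database that stores keys
        self.current = self._issue(1)

    def _issue(self, version):
        ks = KeySet(version, os.urandom(32), os.urandom(32), self.clock() + self.lifetime)
        self.database[version] = ks  # new or revised keys are stored in the database
        return ks

    def reissuance_needed(self):
        """Periodic check: senses that the current set is approaching expiration."""
        return self.clock() >= self.current.expires_at - ROLLOVER_LEAD_TIME

    def rollover(self, force=False):
        """Roll over when a check (or a command, force=True) calls for it; the old set stays stored."""
        if not (force or self.reissuance_needed()):
            return None
        self.current = self._issue(self.current.version + 1)
        return self.current

    def get(self, version=None):
        """Applications ask for the newest set, or for a specific (possibly old) version."""
        return self.current if version is None else self.database[version]

class Application:
    """Caches key sets; a missing or expired key is fetched from the repository on next use."""
    def __init__(self, repo):
        self.repo = repo
        self.cache = {}
        self.current_version = None

    def _lookup(self, version):
        want = self.current_version if version is None else version
        ks = self.cache.get(want)
        expired = ks is not None and version is None and self.repo.clock() >= ks.expires_at
        if ks is None or expired:
            ks = self.repo.get(version)  # missing or expired key: check with the repository
            self.cache[ks.version] = ks
            if version is None:
                self.current_version = ks.version
        return ks

    def seal(self, record):
        ks = self._lookup(None)
        return ks.version, hmac.new(ks.integrity_key, record, hashlib.sha256).digest()

    def verify(self, version, record, tag):
        ks = self._lookup(version)
        return hmac.compare_digest(tag, hmac.new(ks.integrity_key, record, hashlib.sha256).digest())

class FakeClock:
    t = 0.0
    def __call__(self):
        return self.t
    def advance(self, dt):
        self.t += dt

def simulate():
    """Constructed scenario: one-hour key lifetime, a writer and an independent reader."""
    clock = FakeClock()
    repo = KeyRepository(lifetime=3600.0, clock=clock)
    writer, reader = Application(repo), Application(repo)
    record = b"user=alice;secret=s3cr3t"  # constructed sample record
    v1, tag1 = writer.seal(record)
    clock.advance(1800)
    premature = repo.rollover()              # too early: nothing issued
    clock.advance(1770)                      # 30 s before set 1 expires
    rolled = repo.rollover()                 # check senses approaching expiration
    v_before, _ = writer.seal(record)        # old set still available and in use
    clock.advance(60)                        # set 1 has now expired
    v_after, _ = writer.seal(record)         # expired key detected -> new set fetched
    old_ok = reader.verify(v1, record, tag1)  # reader lacks key 1 -> checks repository
    tampered_ok = reader.verify(v1, record + b"!", tag1)
    return {"premature": premature, "rolled_version": rolled.version,
            "stored_versions": sorted(repo.database), "seal_versions": (v1, v_before, v_after),
            "old_record_verifies": old_ok, "tampered_verifies": tampered_ok}
```

The writer keeps using set 1 after the rollover until that set actually expires, which is the "meanwhile maintaining the availability of the old set" step; the reader, which never held set 1, obtains it from the repository on first use, so records sealed before the rollover stay verifiable. A real deployment would also purge expired sets after a grace period rather than keeping every version indefinitely.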